There is often a need to communicate a message in secret over a channel which can potentially be intercepted by an eavesdropper. Traditionally, such a problem has been addressed by encrypting or enciphering the message using a secret key. Quantum communication provides a secure method for distributing such a key. The sender (Alice) encodes bit information upon single photons using one of at least two non-orthogonal encoding bases, chosen at random for each photon. Each photon carries 1 bit of information encoded as a quantum state of the photon, e.g. polarisation, phase or energy/time. The receiver (Bob) measures the encoded photons using a measurement basis randomly chosen from at least two bases for each photon. The measurement recovers the correct encoded bit if Bob has chosen a compatible measurement basis. Alice and Bob can post-select Bob's measurement results to sift a shared key bit sequence through classical communication.
Two common protocols for distributing a secret key using single photons or weak coherent pulses are known as BB84 (Bennett et al., Proceedings of the IEEE International Conference on Computers, Systems and Signal Processing, Bangalore, India (IEEE, New York 1984) p. 175) and B92 (Bennett, Phys. Rev. Lett. 68, 3121 (1992)).
Quantum communication, or quantum key distribution, provides a solution for distributing keys between two remote parties. For the keys to be distributed securely it is essential that the users can authenticate one another. This allows Alice to be sure she is communicating with Bob and Bob to be sure he is communicating with Alice.
There exists a potentially risky security loophole in the conventional quantum communication system. An eavesdropper (Eve) can launch a so-called “man-in-the-middle attack” and gain full information without detection. In this attack, she severs the communication link between Alice and Bob, then impersonates Alice to Bob, and Bob to Alice. She exchanges keys with Alice and Bob separately, and therefore obtains two independent copies of keys: one perfectly shared with Alice and one perfectly shared with Bob. Subsequently, any communications encrypted by these keys are readable to Eve.
To address such a “man-in-the-middle attack”, user “authentication” can be used. It is often assumed that a private quantum channel is inherently authentic and needs no further authentication. If authentication is performed, it is usually performed between two parties by authenticating classical communication using classical cryptography. Alice and Bob pre-share a secret key prior to quantum communication, and use this secret key to authenticate each classical communication message with each other. Alice and Bob can either encrypt all of their classical communications or use classical hash functions to hash the classical communication message to form a message digest which is used for identifying the origin of the message. The former method may cost too much in terms of key material, and is not practical. The latter method of using hashing, which costs less in terms of key material than encryption, is widely used in quantum communication systems.
However, there is a disadvantage to authenticating classical messages. Classical authentication does not allow re-use of the authentication key, and the authentication key must be refreshed for every classical message. This makes authentication management very complex, and authentication may cost too much in terms of key material.
In quantum communication systems, the photon pulses are either generated using a so-called single photon source, which is configured to output pulses containing one photon in response to electrical or optical stimulation, or they are generated by attenuating pulses from a conventional pulsed laser. There exists a security risk in quantum communication systems using attenuated laser pulses as the carriers for the quantum information, since multiphoton pulses are inevitably produced even by very strongly attenuated lasers. The distribution in the number of photons per pulse for an attenuated laser with an average of μ photons per pulse obeys Poissonian statistics: $P(n) = \mu^n e^{-\mu}/n!$, where P(n) represents the probability of a pulse containing n photons. There is a finite probability of a pulse containing more than one photon. Pulses containing more than one photon are called multiphoton pulses. Eve can launch a photon-number splitting attack upon these multiphoton pulses. For each multiphoton pulse, she splits one photon from the pulse and stores it, and passes the remainder of the pulse to Bob. She can measure the stored photon precisely after Bob's announcement of the measurement basis. In this way, she gains the full information of the state encoded upon the multiphoton pulse without causing errors in Alice and Bob's shared key. Generally, the photon-number splitting attack either completely destroys the security of a quantum key distribution system or strongly reduces its maximum bit rate or range.
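The exposure described above can be quantified from the Poissonian statistics. The following Python simulation is an added example, not part of the original text: it models a two-basis sifting protocol with attenuated laser pulses and compares the share of the sifted key held by Eve with the analytic multiphoton fraction. It assumes a lossless channel and ideal detectors, and all function names are illustrative.

```python
import math
import random

def multiphoton_fraction(mu):
    """Share of non-empty pulses with n >= 2, using P(n) = mu^n e^(-mu) / n!."""
    p0 = math.exp(-mu)
    return (1.0 - p0 - mu * p0) / (1.0 - p0)

def poisson(rng, mu):
    """Draw a photon number with mean mu (Knuth's multiplication method)."""
    limit, n, prod = math.exp(-mu), 0, rng.random()
    while prod > limit:
        n += 1
        prod *= rng.random()
    return n

def measure(bit, prep_basis, meas_basis, rng):
    """A compatible basis recovers the bit; an incompatible one gives a coin flip."""
    return bit if prep_basis == meas_basis else rng.getrandbits(1)

def simulate(mu, pulses, seed=1):
    """Return (sifted bits, Bob's error rate, fraction of sifted key Eve holds).

    Assumption: lossless channel and ideal detectors, so Bob detects every
    non-empty pulse.
    """
    rng = random.Random(seed)
    sifted = errors = leaked = 0
    for _ in range(pulses):
        n = poisson(rng, mu)
        if n == 0:
            continue                          # empty pulse, no detection
        bit, a_basis, b_basis = (rng.getrandbits(1) for _ in range(3))
        stored = n >= 2                       # Eve keeps 1 photon, forwards n - 1
        bob_bit = measure(bit, a_basis, b_basis, rng)
        if a_basis != b_basis:
            continue                          # dropped during sifting
        sifted += 1
        errors += bob_bit != bit
        # Eve waits for the announced basis, then measures her stored photon.
        if stored and measure(bit, a_basis, a_basis, rng) == bit:
            leaked += 1
    return sifted, errors / sifted, leaked / sifted

if __name__ == "__main__":
    for mu in (0.1, 0.5, 1.0):
        sifted, qber, leak = simulate(mu, 200_000)
        print(f"mu={mu}: sifted={sifted} qber={qber:.3f} "
              f"eve={leak:.4f} analytic={multiphoton_fraction(mu):.4f}")
```

Bob's error rate stays at zero for every μ, so error monitoring alone does not reveal the leak; only lowering μ reduces the fraction of key bits exposed.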